Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: medium

[M] EXPIRATION_TIME constant will not apply across contests deployed on different chains, leading to unfair distribution of prizes

Summary

During the call to deployProxyAndDistributeByOwner, the contract checks whether the contest has expired
before deploying the proxy and distributing the prizes.

if (saltToCloseTime[salt] + EXPIRATION_TIME > block.timestamp) revert ProxyFactory__ContestIsNotExpired();

The EXPIRATION_TIME constant is set to 7 days.

Vulnerability Details

However, since chains like Polygon, Optimism, Arbitrum, and BSC have a faster block time than Ethereum,
it's very possible that block.timestamp will be greater than the EXPIRATION_TIME constant.

Impact

If this happens, this condition might not be met and prizes will be distributed to winners prematurely, before
other participants have had a chance to submit their solutions.

Tools Used

Manual Review

Recommendations

You could use an Oracle to get the current block.timestamp across the desired chains of deployment.

Then use the Oracle to check the current block timestamp before ascertaining if the contest has expired.
